This is a collection of those CVS change log entries for the 0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in 0.9.8-dev (CVS head). Some obvious false positives have been eliminated: e.g., we do not care about a simple "make update"; and we don't care about changes identified to the 0.9.7 branch that were explicitly identified as backports from head. Eliminating all other entries (and finally this file), either as false positives or as things that should go into 0.9.8, remains to be done. Any additional changes to 0.9.7 that are not immediately put into 0.9.8, but belong there as well, should be added to the end of this file. 2002-02-14 03:43 levitte Changed: crypto/des/str2key.c (1.12.2.1), "Exp", lines: +12 -0 Because making the key strong by xoring the last byte with 0xF0 generates different keys than previous versions of OpenSSL and libdes, let's make Assar's change experimental for now. 2002-02-14 13:28 levitte Changed: CHANGES (1.977.2.1), "Exp", lines: +1 -1 Configure (1.314.2.1), "Exp", lines: +8 -4 Makefile.org (1.154.2.1), "Exp", lines: +2 -2 config (1.95.2.2), "Exp", lines: +4 -4 At Corinna Vinschen's request, change CygWin32 to Cygwin 2002-02-14 14:36 levitte Changed: Configure (1.314.2.2), "Exp", lines: +1 -1 The Cygwin shared extension was shifted. 2002-02-14 14:42 levitte Changed: crypto/err/err.c (1.51.2.1), "Exp", lines: +1 -1 For some reason, getting the topmost error was done the same way as getting the bottommost one. I hope I understood correctly how this should be done. It seems to work when running evp_test in an environment where it can't find openssl.cnf. 2002-02-14 14:51 levitte Changed: crypto/des/read2pwd.c (1.6.2.1), "Exp", lines: +1 -0 Make sure memset() is defined by including string.h Notified by Oscar Jacobsson 2002-02-14 17:23 levitte Changed: crypto/ui/ui_openssl.c (1.11.2.1), "Exp", lines: +7 -1 crypto/rsa/rsa.h (1.36.2.1), "Exp", lines: +6 -6 crypto/rand/rand_egd.c (1.16.2.1), "Exp", lines: +5 -1 crypto/des/read_pwd.c (1.26.2.1), "Exp", lines: +7 -1 crypto/bio/bss_log.c (1.30.2.1), "Exp", lines: +1 -1 crypto/bio/bss_bio.c (1.31.2.1), "Exp", lines: +5 -0 crypto/tmdiff.c (1.9.2.1), "Exp", lines: +17 -2 apps/speed.c (1.83.2.1), "Exp", lines: +20 -4 apps/ca.c (1.102.2.1), "Exp", lines: +1 -1 apps/s_time.c (1.23.2.1), "Exp", lines: +20 -2 Configure (1.314.2.3), "Exp", lines: +3 -0 e_os.h (1.56.2.1), "Exp", lines: +9 -1 Add the configuration target VxWorks. 2002-02-14 19:46 steve Changed: crypto/engine/hw_sureware.c (1.2.2.1), "Exp", lines: +8 -4 Fix warnings: #if out some unused function. "index" is a global function on some platforms. 2002-02-14 19:52 steve Changed: crypto/tmdiff.c (1.9.2.2), "Exp", lines: +1 -0 typo (?) 2002-02-15 00:38 steve Changed: CHANGES (1.977.2.2), "Exp", lines: +5 -0 crypto/conf/conf.h (1.30.2.1), "Exp", lines: +2 -1 crypto/conf/conf_mall.c (1.6.2.1), "Exp", lines: +6 -7 crypto/conf/conf_mod.c (1.8.2.1), "Exp", lines: +8 -0 Add argument to OPENSSL_config() and add flag to tolerate missing config file. 2002-02-15 01:12 steve Changed: NEWS (1.39.2.1), "Exp", lines: +5 -1 Update NEWS 2002-02-15 01:33 steve Changed: crypto/asn1/asn1.h (1.103.2.1), "Exp", lines: +3 -0 crypto/asn1/asn1_err.c (1.42.2.1), "Exp", lines: +3 -0 crypto/asn1/asn_moid.c (1.2.2.1), "Exp", lines: +21 -10 crypto/conf/conf_mod.c (1.8.2.2), "Exp", lines: +2 -6 Don't call finish function if it isn't set. Fix OID module. 2002-02-15 01:58 steve Changed: crypto/x509/x509_vfy.c (1.56.2.1), "Exp", lines: +23 -13 Allow a NULL store parameter to X509_STORE_CTX_init(). 2002-02-15 02:01 steve Changed: crypto/evp/evp_enc.c (1.28.2.1), "Exp", lines: +2 -1 Only initialize cipher ctx if cipher is not NULL. 2002-02-15 03:43 steve Changed: crypto/conf/conf_mod.c (1.8.2.3), "Exp", lines: +1 -1 Add flag to disable config module DSO loading. 2002-02-20 00:24 steve Changed: CHANGES (1.977.2.3), "Exp", lines: +4 -0 apps/apps.c (1.49.2.1), "Exp", lines: +20 -0 crypto/conf/conf_mall.c (1.6.2.3), "Exp", lines: +2 -14 crypto/conf/conf_mod.c (1.8.2.4), "Exp", lines: +15 -1 Use default openssl.cnf if config filename set to NULL and openssl_conf if appname NULL. 2002-02-23 14:43 steve Changed: crypto/asn1/asn_moid.c (1.2.2.2), "Exp", lines: +0 -1 Remove old comment 2002-02-26 22:42 jaenicke Changed: CHANGES (1.977.2.6), "Exp", lines: +4 -0 ssl/ssl_lib.c (1.110.2.1), "Exp", lines: +6 -8 Make sure that bad sessions are removed in SSL_clear() (found by Yoram Zahavi). Submitted by: Reviewed by: PR: 2002-03-01 16:39 ben Changed: Configure (1.314.2.6), "Exp", lines: +1 -0 OpenBSD variant. 2002-03-06 17:59 ben Changed: ssl/s3_lib.c (1.57.2.1), "Exp", lines: +1 -1 ADH-DES-CBC-SHA should be LOW. 2002-03-08 20:12 steve Changed: apps/apps.c (1.49.2.4), "Exp", lines: +1 -1 typo 2002-03-22 03:36 levitte Changed: apps/version.c (1.13.2.1), "Exp", lines: +2 -2 apps/speed.c (1.83.2.6), "Exp", lines: +6 -6 apps/passwd.c (1.24.2.2), "Exp", lines: +2 -2 Use the more modern DES API in the openssl subcommands. 2002-03-22 11:29 levitte Changed: crypto/des/des_old.h (1.9.2.4), "Exp", lines: +35 -23 Key schedules are given as arguments a bit differently in 0.9.6 and earlier. Also, a few 0.9.6 functions were missing their mappings. 2002-03-22 11:46 levitte Changed: crypto/des/destest.c (1.30.2.2), "Exp", lines: +37 -35 Key schedules are given as arguments a bit differently in 0.9.6 and earlier. Also, it was an error to define crypt() at all times. 2002-03-26 15:25 levitte Changed: CHANGES (1.977.2.15), "Exp", lines: +19 -8 crypto/des/des.h (1.40.2.2), "Exp", lines: +6 -0 Add the possibility to enable olde des support, not just disable it, for future support. Redocument 2002-04-10 21:50 jaenicke Changed: CHANGES (1.977.2.19), "Exp", lines: +723 -669 In preparation of 0.9.7: re-order changelog, so that the changes are listed as of ... -> 0.9.6c -> 0.9.6d -> 0.9.7 Submitted by: Reviewed by: PR: 2002-04-11 20:43 jaenicke Changed: NEWS (1.39.2.3), "Exp", lines: +27 -0 Compile NEWS from CHANGES. Submitted by: Reviewed by: PR: 2002-04-15 15:28 jaenicke Changed: crypto/objects/obj_dat.h (1.49.2.5), "Exp", lines: +4 -4 crypto/objects/obj_mac.h (1.19.2.5), "Exp", lines: +1 -1 crypto/objects/objects.txt (1.20.2.5), "Exp", lines: +7 -2 Use the "mail" short name according to RFC2798 (Michael Bell ). Submitted by: Reviewed by: PR: 2002-04-15 16:17 jaenicke Changed: CHANGES (1.977.2.25), "Exp", lines: +4 -2 Document OID changes. Submitted by: Reviewed by: PR: 2002-04-20 12:25 levitte Changed: util/mk1mf.pl (1.41.2.1), "Exp", lines: +4 -1 Make sure ec is properly handled in Windows. 2002-05-08 17:13 ben Changed: crypto/conf/conf_mod.c (1.8.2.6), "Exp", lines: +1 -1 Fix warning. 2002-05-11 14:42 steve Changed: ssl/ssl_cert.c (1.48.2.3), "Exp", lines: +0 -1 closedir is not used on Win32. 2002-05-22 09:53 levitte Changed: apps/speed.c (1.83.2.7), "Exp", lines: +4 -1 Remove warnings about unused symbols when configured with no-rsa. 2002-05-22 09:55 levitte Changed: crypto/asn1/x_pubkey.c (1.21.2.1), "Exp", lines: +1 -1 Remove warnings about uninitialised variables. This has already been applied in the main branch. 2002-05-22 09:56 levitte Changed: crypto/engine/hw_4758_cca.c (1.1.2.4), "Exp", lines: +14 -14 Use 0 instead of NULL when casting to function pointers, to avoid warnings from compilers when NULL is defined as '((void *)0)'. This has already been applied in the main branch. 2002-05-22 09:58 levitte Changed: util/mkerr.pl (1.18.2.1), "Exp", lines: +2 -2 Update copyright years. This has already been applied in the main branch. 2002-05-23 17:25 levitte Changed: VMS/tcpip_shr_decc.opt (1.1.4.1), "Exp", lines: +1 -0 Forgot this file. 2002-05-31 16:34 ben Changed: crypto/evp/evp_test.c (1.14.2.5), "Exp", lines: +1 -1 Fix a warning. 2002-06-05 08:45 levitte Changed: ssl/ssl-lib.com (1.11.2.3), "Exp", lines: +1 -1 test/maketests.com (1.13.2.2), "Exp", lines: +29 -1 Correct syntax in ssl-lib.com maketests.com was missing the TCP/IP options TCPIP and NONE 2002-07-30 13:30 jaenicke Changed: NEWS (1.39.2.11), "Exp", lines: +1 -1 Typo. Submitted by: Reviewed by: PR: 2002-08-13 14:19 levitte Changed: demos/engines/rsaref/Makefile (1.3.2.1), "Exp", lines: +1 -1 Export text symbols as well (AIX experts might need to correct me here). 2002-08-13 14:26 levitte Changed: demos/engines/cluster_labs/Makefile (1.1.2.1), "Exp", lines: +114 -0 demos/engines/cluster_labs/cluster_labs.h (1.1.2.1), "Exp", lines: +35 -0 demos/engines/cluster_labs/hw_cluster_labs.c (1.1.2.1), "Exp", lines: +718 -0 demos/engines/cluster_labs/hw_cluster_labs.ec (1.1.2.1), "Exp", lines: +8 -0 demos/engines/cluster_labs/hw_cluster_labs_err.c (1.1.2.1), "Exp", lines: +151 -0 demos/engines/cluster_labs/hw_cluster_labs_err.h (1.1.2.1), "Exp", lines: +95 -0 demos/engines/ibmca/Makefile (1.1.2.1), "Exp", lines: +114 -0 demos/engines/ibmca/hw_ibmca.c (1.1.2.1), "Exp", lines: +917 -0 demos/engines/ibmca/hw_ibmca.ec (1.1.2.1), "Exp", lines: +8 -0 demos/engines/ibmca/hw_ibmca_err.c (1.1.2.1), "Exp", lines: +154 -0 demos/engines/ibmca/hw_ibmca_err.h (1.1.2.1), "Exp", lines: +98 -0 demos/engines/ibmca/ica_openssl_api.h (1.1.2.1), "Exp", lines: +189 -0 demos/engines/zencod/Makefile (1.1.2.1), "Exp", lines: +114 -0 demos/engines/zencod/hw_zencod.c (1.1.2.1), "Exp", lines: +1736 -0 demos/engines/zencod/hw_zencod.ec (1.1.2.1), "Exp", lines: +8 -0 demos/engines/zencod/hw_zencod.h (1.1.2.1), "Exp", lines: +160 -0 demos/engines/zencod/hw_zencod_err.c (1.1.2.1), "Exp", lines: +151 -0 demos/engines/zencod/hw_zencod_err.h (1.1.2.1), "Exp", lines: +95 -0 OK, I've amused myself with making sure the engines that have been contributed TO WORK WITH 0.9.7 can be built as dynamically loadable libraries. For now, they're not included in crypto/engine/ since 0.9.7 is in feature freeze. Further discussion might change that, but don't hold your breath. 2002-08-15 13:48 levitte Changed: crypto/crypto-lib.com (1.53.2.8), "Exp", lines: +1 -1 I think that's the last forgotten compilation module. 2002-08-16 18:44 jaenicke Changed: README (1.39.2.9), "Exp", lines: +1 -1 Fix wrong URI. Submitted by: Mike Castle Reviewed by: PR: 200 2002-10-05 13:59 steve Changed: crypto/engine/hw_cswift.c (1.17.2.4), "Exp", lines: +1 -1 Win32 fix (signed/unsigned compare error). 2002-10-09 14:19 levitte Changed: crypto/engine/hw_cswift.c (1.17.2.5), "Exp", lines: +1 -0 The dissapearing destroy callback reappears 2002-10-24 00:09 levitte Changed: crypto/crypto-lib.com (1.53.2.9), "Exp", lines: +1 -1 An engine changed name. 2002-10-29 18:46 geoff Changed: doc/ssl/SSL_CTX_set_session_cache_mode.pod (1.5.2.2), "Exp", lines: +1 -0 Correct another inconsistency in my recent commits. 2002-11-04 17:33 levitte Changed: Configure (1.314.2.38), "Exp", lines: +4 -2 Return my normal debug targets to something not so extreme, and make the extreme ones special (or 'extreme', if you will :-)). 2002-11-13 12:35 levitte Changed: crypto/cryptlib.h (1.10.2.4), "Exp", lines: +0 -4 crypto/crypto.h (1.62.2.3), "Exp", lines: +4 -0 Make OpenSSLdie() visible (it's a must to get a proper reference in libeay.num). 2002-11-13 14:36 levitte Changed: crypto/pem/pem_lib.c (1.36.2.5), "Exp", lines: +1 -1 C++ comments in C code, 'nuff said... 2002-11-13 15:30 levitte Changed: demos/engines/ibmca/hw_ibmca.c (1.1.2.2), "Exp", lines: +3 -0 demos/engines/zencod/hw_zencod.c (1.1.2.2), "Exp", lines: +4 -1 demos/engines/cluster_labs/hw_cluster_labs.c (1.1.2.2), "Exp", lines: +5 -2 The loading functions should be static if we build a dynamic engine. 2002-12-12 18:41 levitte Changed: crypto/engine/hw_ncipher.c (1.26.2.7), "Exp", lines: +38 -2 crypto/engine/hw_ncipher_err.c (1.1.2.2), "Exp", lines: +1 -1 crypto/engine/hw_ncipher_err.h (1.1.2.2), "Exp", lines: +1 -1 crypto/cryptlib.c (1.32.2.8), "Exp", lines: +2 -1 crypto/crypto.h (1.62.2.7), "Exp", lines: +2 -1 CHANGES (1.977.2.78), "Exp", lines: +14 -0 Add a static lock called HWCRHK, for the case of having an application that wants to use the hw_ncipher engine without having given any callbacks for the dynamic type of locks. 2002-12-15 16:27 appro Changed: Makefile.org (1.154.2.41), "Exp", lines: +2 -1 Another Solaris shared build clean-up. This is not actually needed if one uses WorkShop C. It's gcc driver that brings copy of libgcc.a into .so otherwise. In case you wonder what it's -Wl,-z... and not just -z. Problem is that gcc driver apparently omits all -z options but -z text. Don't ask me why. I'm not committing corresponding workaround into the HEAD as Makefile.shared reportedly needs even more work... 2002-12-16 19:17 appro Changed: crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0 crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445 This is rollback to 0.9.6h bn_mul.c to address problem reported in RT#272. 2002-12-16 19:59 appro Changed: Makefile.org (1.154.2.42), "Exp", lines: +3 -1 Some of Sun compiler drivers (well, one of those I have) collect all options specified with -Wl in the beginnig of the ld command line which kind of obsoletes the idea as it's -z defaultextract that will be closest to lib*.a and not -z allextract:-( 2002-12-17 15:21 levitte Changed: NEWS (1.39.2.16), "Exp", lines: +4 -1 A few more NEWS items. !2002-12-27 17:49 appro ! ! Changed: ! Configure (1.314.2.62), "Exp", lines: +1 -1 ! ! According to Tim Rice assembler support in ! SCO5 never worked anyway. Note this is not going to HEAD as we ! intend to provide an alternative solution as soon as 0.9.7 is out. 2002-12-28 02:35 levitte Changed: Configure (1.314.2.63), "Exp", lines: +1 -1 Hmm, the variables $x96_elf_asm and others contain a number of colons, so when removing one reference, if should be replaced with the appropriate number of colons, or chaos will follow... It's rather silly to believe we'd release 0.9.7a in 2002 :-). 2003-01-01 16:48 ben Changed: crypto/des/des_locl.h (1.19.2.5), "Exp", lines: +1 -1 crypto/rc5/rc5_locl.h (1.3.2.4), "Exp", lines: +1 -1 Fix warnings, use correct -Ds. 2003-03-18 13:12 ben Changed: CHANGES (1.977.2.101), "Exp", lines: +6 -0 crypto/rsa/rsa_eay.c (1.28.2.4), "Exp", lines: +23 -4 crypto/rsa/rsa_lib.c (1.30.2.3), "Exp", lines: +7 -1 Turn on RSA blinding by default. 2003-03-24 17:57 steve Changed: crypto/x509/x509_vfy.c (1.56.2.5), "Exp", lines: +2 -2 crypto/x509/x509_vfy.c (1.56.2.6), "Exp", lines: +2 -2 Get X509_V_FLAG_CRL_CHECK_ALL logic the right way round. PR:544 ? 2003-04-04 16:21 levitte Changed: util/mkdef.pl (1.67.2.5), "Exp", lines: +10 -5 util/mkerr.pl (1.18.2.3), "Exp", lines: +6 -6 Transfer the changes to detect multiline comments and the GCC extension __attribute__. 2003-04-08 13:54 levitte Changed: test/Makefile.ssl (1.84.2.25), "Exp", lines: +29 -1 apps/Makefile.ssl (1.100.2.22), "Exp", lines: +1 -0 Makefile.org (1.154.2.61), "Exp", lines: +4 -5 Set LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create a library search path. Correct typos. 2003-04-09 07:25 levitte Changed: test/Makefile.ssl (1.84.2.26), "Exp", lines: +1 -1 Typo 2003-04-09 08:50 levitte Changed: apps/Makefile.ssl (1.100.2.23), "Exp", lines: +1 -0 Dont forget req. 2003-04-10 03:13 steve Changed: crypto/rsa/rsa_sign.c (1.11.2.6), "Exp", lines: +2 -2 Only call redirected rsa_sign or rsa_verify if the pointer is set. This allows, for example, a smart card to redirect rsa_sign and keep the default rsa_verify. 2003-07-03 23:43 levitte Changed: Makefile.org (1.154.2.65), "Exp", lines: +2 -2 Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and ./crypto/mem.o when we're looking for mem.o. 2003-07-27 15:46 ben Changed: crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0 crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0 Add untested CFB-r mode. Will be tested soon. 2003-07-27 19:00 ben Changed: Configure (1.314.2.85), "Exp", lines: +2 -0 Makefile.org (1.154.2.67), "Exp", lines: +12 -3 crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 fips/lib (1.1.2.1), "Exp", lines: +0 -0 fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 Unfinished FIPS stuff for review/improvement. 2003-07-27 19:19 ben Changed: fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 Use unified diff. 2003-07-27 19:23 ben Changed: fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 Build in non-FIPS mode. 2003-07-27 23:13 ben Changed: Makefile.org (1.154.2.68), "Exp", lines: +1 -1 fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 Build when not FIPS. 2003-07-28 11:56 ben Changed: fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 New fingerprints. 2003-07-28 17:07 ben Changed: Makefile.org (1.154.2.69), "Exp", lines: +5 -1 crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0 crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0 crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2 crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16 crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0 crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1 crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2 crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11 crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2 crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5 crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0 crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0 crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0 fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0 fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1 fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1 test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43 Add support for partial CFB modes, make tests work, update dependencies. 2003-07-29 12:56 ben Changed: crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6 crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0 crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8 crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1 Working CFB1 and test vectors. 2003-07-29 15:24 ben Changed: crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0 crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5 crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0 crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0 crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0 fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1 fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19 The rest of the keysizes for CFB1, working AES AVS test for CFB1. 2003-07-29 16:06 ben Changed: fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 Reformat. 2003-07-29 16:34 ben Changed: fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 MMT for CFB1 2003-07-29 17:17 ben Changed: fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 Missing files. 2003-07-29 19:05 ben Changed: crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0 crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0 crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0 crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9 crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0 crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5 crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0 crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0 crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0 fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0 AES CFB8. 2003-07-30 20:30 ben Changed: Makefile.org (1.154.2.70), "Exp", lines: +16 -5 crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1 crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0 crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14 crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1 crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0 crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0 crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23 crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6 crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0 crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6 fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1 fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0 fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1 fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0 fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0 fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0 fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0 Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. 2003-07-31 23:30 levitte Changed: Makefile.org (1.154.2.71), "Exp", lines: +2 -0 If FDIRS is to be treated like SDIRS, let's not forget to initialize it in Makefile.org. 2003-07-31 23:41 levitte Changed: fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 No C++ comments in C programs! 2003-08-01 12:25 ben Changed: crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36 crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0 crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3 crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0 Fix DES CFB-r. 2003-08-01 12:31 ben Changed: crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0 DES CFB8 test. 2003-08-01 15:07 steve Changed: fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 Replace C++ style comments. 2003-08-01 19:06 steve Changed: crypto/evp/evp_lib.c (1.6.8.2), "Exp", lines: +24 -0 crypto/objects/obj_dat.h (1.49.2.17), "Exp", lines: +15 -46 crypto/objects/obj_mac.h (1.19.2.17), "Exp", lines: +1 -24 crypto/objects/obj_mac.num (1.15.2.13), "Exp", lines: +1 -4 crypto/objects/objects.txt (1.20.2.18), "Exp", lines: +8 -12 Make the EFB NIDs have empty OIDs aliased to the real EFB OID. 2003-08-03 14:22 ben Changed: fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 Make tests work (CFB1 still doesn't produce the right answers, strangely). 2003-08-08 12:08 levitte Changed: fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 Avoid clashing with the regular DES functions when not compiling with -DFIPS. This is basically only visible when building with shared library supoort... 2003-08-11 11:36 levitte Deleted: fips/sha1/.cvsignore (1.1.2.2) fips/sha1/Makefile.ssl (1.1.2.3) fips/sha1/fingerprint.sha1 (1.1.2.3) fips/sha1/fips_md32_common.h (1.1.2.2) fips/sha1/fips_sha1dgst.c (1.1.2.3) fips/sha1/fips_sha1test.c (1.1.2.3) fips/sha1/fips_sha_locl.h (1.1.2.2) fips/sha1/fips_standalone_sha1.c (1.1.2.3) fips/sha1/sha1hashes.txt (1.1.2.2) fips/sha1/sha1vectors.txt (1.1.2.2) fips/sha1/standalone.sha1 (1.1.2.4) fips/dsa/.cvsignore (1.1.2.2) fips/dsa/Makefile.ssl (1.1.2.2) fips/dsa/fingerprint.sha1 (1.1.2.3) fips/dsa/fips_dsa_ossl.c (1.1.2.3) fips/dsa/fips_dsatest.c (1.1.2.3) fips/rand/.cvsignore (1.1.2.2) fips/rand/Makefile.ssl (1.1.2.2) fips/rand/fingerprint.sha1 (1.1.2.2) fips/rand/fips_rand.c (1.1.2.2) fips/rand/fips_rand.h (1.1.2.2) fips/rand/fips_randtest.c (1.1.2.2) fips/des/.cvsignore (1.1.2.2) fips/des/Makefile.ssl (1.1.2.3) fips/des/fingerprint.sha1 (1.1.2.2) fips/des/fips_des_enc.c (1.1.2.3) fips/des/fips_des_locl.h (1.1.2.2) fips/des/fips_desmovs.c (1.1.2.3) fips/aes/.cvsignore (1.1.2.2) fips/aes/Makefile.ssl (1.1.2.5) fips/aes/fingerprint.sha1 (1.1.2.2) fips/aes/fips_aes_core.c (1.1.2.2) fips/aes/fips_aes_locl.h (1.1.2.2) fips/aes/fips_aesavs.c (1.1.2.9) fips/.cvsignore (1.1.2.2) fips/Makefile.ssl (1.1.2.6) fips/fingerprint.sha1 (1.1.2.3) fips/fips.c (1.1.2.2) fips/fips.h (1.1.2.2) fips/fips_check_sha1 (1.1.2.4) fips/fips_err.c (1.1.2.2) fips/fips_err_wrapper.c (1.1.2.2) fips/fips_make_sha1 (1.1.2.4) fips/lib (1.1.2.2) Changed: util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 Configure (1.314.2.86), "Exp", lines: +0 -2 Makefile.org (1.154.2.72), "Exp", lines: +8 -34 TABLE (1.99.2.30), "Exp", lines: +0 -50 A new branch for FIPS-related changes has been created with the name OpenSSL-fips-0_9_7-stable. Since the 0.9.7-stable branch is supposed to be in freeze and should only contain bug corrections, this change removes the FIPS changes from that branch. 2003-08-11 11:56 levitte Changed: apps/Makefile.ssl (1.100.2.24), "Exp", lines: +1 -1 Oops, removed a little too much. 2003-08-11 13:46 levitte Changed: test/Makefile.ssl (1.84.2.33), "Exp", lines: +28 -28 Don't fiddle with LD_LIBRARY_PATH when building non-static. 2003-08-14 08:54 levitte Changed: apps/Makefile.ssl (1.100.2.25), "Exp", lines: +1 -1 test/Makefile.ssl (1.84.2.34), "Exp", lines: +28 -28 Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw weren't due to that, but to a change on the SCO machines I used for testing, where my $PATH was suddenly incorrect. 2003-09-27 20:31 levitte Changed: apps/pkcs8.c (1.22.2.8), "Exp", lines: +5 -6 Remove extra argument to BIO_printf(). PR: 685 2003-09-29 19:10 steve Changed: crypto/bio/bss_file.c (1.14.2.4), "Exp", lines: +2 -2 Fix to make it compile under Win32. 2003-11-19 06:18 geoff Changed: crypto/x509/x509.h (1.116.2.4), "Exp", lines: +0 -4 Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway. 2003-11-22 11:42 ulf Changed: crypto/bn/asm/bn-586.pl (1.5.2.1), "Exp", lines: +1 -1 bn_sub_part_words() is unused in 0.9.7. Spotted by Markus Friedl. 2004-01-21 10:58 appro Changed: Configure (1.314.2.89), "Exp", lines: +1 -0 config (1.95.2.27), "Exp", lines: +7 -6 crypto/bn/Makefile.ssl (1.65.2.7), "Exp", lines: +3 -0 Proper support for HP-UX64 gcc build. PR: 772 2004-01-29 10:41 levitte Changed: crypto/bn/bn_lcl.h (1.23.2.6), "Exp", lines: +8 -9 Have the declarations match the definitions. 2004-03-08 14:07 steve Changed: apps/ca.c (1.102.2.28), "Exp", lines: +32 -4 apps/openssl.cnf (1.23.2.2), "Exp", lines: +3 -0 Incorporate crlNumber functionality from 0.9.8 except it is commented out in openssl.cnf . using the Codenomicon TLS Test Tool (CAN-2004-0079) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites (CAN-2004-0112) Ready for 0.9.7d build Submitted by: Steven Henson Reviewed by: Joe Orton Approved by: Mark Cox 2004-03-25 01:57 steve Changed: crypto/pkcs7/pk7_doit.c (1.50.2.9), "Exp", lines: +9 -4 crypto/pkcs7/pk7_doit.c (1.50.2.4.2.2), "Exp", lines: +9 -4 Make S/MIME encrypt work again. 2004-04-02 14:39 levitte Changed: crypto/bn/Makefile.ssl (1.65.2.8), "Exp", lines: +1 -1 Typo. "pa-rics2W" corrected to "pa-risc2W". PR: 868 2004-05-11 14:44 ben Deleted: apps/Makefile.ssl (1.100.2.27) crypto/Makefile.ssl (1.84.2.12) crypto/aes/Makefile.ssl (1.4.2.9) crypto/asn1/Makefile.ssl (1.77.2.7) crypto/bf/Makefile.ssl (1.25.2.6) crypto/bio/Makefile.ssl (1.52.2.4) crypto/bn/Makefile.ssl (1.65.2.9) crypto/buffer/Makefile.ssl (1.32.2.4) crypto/cast/Makefile.ssl (1.31.2.6) crypto/comp/Makefile.ssl (1.32.2.4) crypto/conf/Makefile.ssl (1.38.2.8) crypto/des/Makefile.ssl (1.61.2.13) crypto/dh/Makefile.ssl (1.43.2.5) crypto/dsa/Makefile.ssl (1.49.2.9) crypto/dso/Makefile.ssl (1.11.2.4) crypto/ec/Makefile.ssl (1.7.2.4) crypto/engine/Makefile.ssl (1.30.2.13) crypto/err/Makefile.ssl (1.48.2.7) crypto/evp/Makefile.ssl (1.64.2.12) crypto/hmac/Makefile.ssl (1.33.2.6) crypto/idea/Makefile.ssl (1.20.2.4) crypto/krb5/Makefile.ssl (1.5.2.6) crypto/lhash/Makefile.ssl (1.28.2.4) crypto/md2/Makefile.ssl (1.29.2.5) crypto/md4/Makefile.ssl (1.6.2.7) crypto/md5/Makefile.ssl (1.33.2.10) crypto/mdc2/Makefile.ssl (1.30.2.4) crypto/objects/Makefile.ssl (1.46.2.6) crypto/ocsp/Makefile.ssl (1.19.2.7) crypto/pem/Makefile.ssl (1.51.2.5) crypto/pkcs12/Makefile.ssl (1.37.2.5) crypto/pkcs7/Makefile.ssl (1.47.2.5) crypto/rand/Makefile.ssl (1.56.2.8) crypto/rc2/Makefile.ssl (1.20.2.4) crypto/rc4/Makefile.ssl (1.25.2.6) crypto/rc5/Makefile.ssl (1.22.2.6) crypto/ripemd/Makefile.ssl (1.25.2.9) crypto/rsa/Makefile.ssl (1.53.2.6) crypto/sha/Makefile.ssl (1.26.2.9) crypto/stack/Makefile.ssl (1.28.2.4) crypto/txt_db/Makefile.ssl (1.26.2.4) crypto/ui/Makefile.ssl (1.10.2.6) crypto/x509/Makefile.ssl (1.56.2.5) crypto/x509v3/Makefile.ssl (1.62.2.5) ssl/Makefile.ssl (1.53.2.11) test/Makefile.ssl (1.84.2.36) tools/Makefile.ssl (1.9.2.4) Changed: .cvsignore (1.7.6.2), "Exp", lines: +2 -1 Configure (1.314.2.92), "Exp", lines: +38 -8 FAQ (1.61.2.31), "Exp", lines: +1 -1 INSTALL (1.45.2.9), "Exp", lines: +2 -2 INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 Makefile.org (1.154.2.78), "Exp", lines: +51 -19 PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 e_os.h (1.56.2.17), "Exp", lines: +20 -1 apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 test/Makefile (1.1.4.1), "Exp", lines: +941 -0 test/bctest (1.14.2.1), "Exp", lines: +1 -1 test/testenc (1.3.8.1), "Exp", lines: +1 -1 test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 util/domd (1.6.2.3), "Exp", lines: +5 -5 util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 Pull FIPS back into stable. 2004-05-12 10:27 levitte Changed: apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 Only check for FIPS signatures when FIPS is enabled. 2004-05-12 10:28 levitte Changed: crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 Makefile.ssl changed name to Makefile. 2004-05-12 10:28 levitte Changed: fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 Only really build this file when OPENSSL_FIPS is defined. And oh, let's keep internal variables static. 2004-05-12 10:42 levitte Changed: fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 I forgot to modify the signature for fips_rand.c... 2004-05-12 10:46 levitte Changed: fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 Ignore the 'lib' timestamp file. 2004-05-12 12:07 levitte Changed: fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 Ignore 'Makefile.save' 2004-05-12 12:09 levitte Changed: apps/apps.h (1.44.2.13), "Exp", lines: +0 -6 crypto/o_str.c (1.5.2.1), "Exp", lines: +4 -3 crypto/o_str.h (1.2.6.1), "Exp", lines: +0 -0 The functions OPENSSL_strcasen?cmp() were forgotten when merging the FIPS branch into this. It's needed at least for certain OpenVMS versions, and should really be used in a more general way. 2004-05-12 12:17 levitte Changed: crypto/Makefile (1.1.4.2), "Exp", lines: +3 -3 Forgot to update the Makefile with the o_str stuff... 2004-05-12 16:11 ben Changed: crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 Blow up in people's faces if they don't reseed. 2004-05-12 19:53 steve Changed: apps/x509.c (1.67.2.16), "Exp", lines: +0 -7 Fix memory leak. 2004-05-14 19:54 levitte Changed: util/libeay.num (1.173.2.20), "Exp", lines: +43 -54 All EVP_*_cfb functions have changed names to EVP_*_cfb64 or EVP_*_cfb128. 2004-05-15 18:39 ben Changed: ssl/s23_clnt.c (1.20.2.6), "Exp", lines: +5 -2 ssl/s2_clnt.c (1.37.2.11), "Exp", lines: +5 -2 ssl/s2_srvr.c (1.36.2.8), "Exp", lines: +6 -3 ssl/s3_clnt.c (1.53.2.17), "Exp", lines: +2 -1 ssl/s3_srvr.c (1.85.2.22), "Exp", lines: +4 -2 ssl/ssl_sess.c (1.40.2.8), "Exp", lines: +2 -1 Check error returns. 2004-05-15 19:51 ben Changed: crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 Fix self-tests, ban some things in FIPS mode, fix copyrights. 2004-05-17 06:28 levitte Changed: util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 Generate SHA1 files on Windows and other platforms supported by mk1mf.pl, when building in FIPS mode. Note: UNTESTED! 2004-05-17 06:30 levitte Changed: apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 Make sure the applications know when we are running in FIPS mode. We can't use the variable in libcrypto, since it's supposedly unknown. Note: currently only supported in MONOLITH mode. 2004-05-17 06:31 levitte Changed: apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 When in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5 isn't a FIPS-approved algorithm. Note: this means the user needs to keep track of this, and we need to add support for that... 2004-05-17 06:39 levitte Changed: apps/enc.c (1.35.2.10), "Exp", lines: +14 -0 Make it possible for the user to choose the digest used to create the key. 2004-05-17 06:40 levitte Changed: apps/enc.c (1.35.2.11), "Exp", lines: +4 -4 Rewrite the usage to avoid confusion. 2004-05-17 06:47 levitte Changed: apps/enc.c (1.35.2.12), "Exp", lines: +1 -1 Typo corretced. 2004-05-19 16:16 levitte Changed: fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for size_t-ification of those algorithms in future version of OpenSSL... 2004-05-27 11:33 levitte Changed: makevms.com (1.35.2.3), "Exp", lines: +27 -0 Copy the FIPS files to the temporary openssl include directory. 2004-05-27 12:04 levitte Changed: fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 makevms.com (1.35.2.4), "Exp", lines: +8 -0 Compile the FIPS directory on VMS as well. fips-lib.com is essentially a copy of crypto-lib.com, with just a few edits. 2004-05-27 12:07 levitte Changed: fips/install.com (1.1.2.1), "Exp", lines: +55 -0 install.com (1.4.2.2), "Exp", lines: +6 -6 Run an installation of FIPS stuff as well. 2004-05-27 12:19 levitte Changed: test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 Make sure o_str.h is reachable. 2004-06-19 15:15 ben Changed: Makefile.org (1.154.2.80), "Exp", lines: +1 -1 crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 The version that was actually submitted for FIPS testing. 2004-06-19 15:16 ben Changed: fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 Add Diffie-Hellman to FIPS. 2004-06-19 15:18 ben Changed: fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 Update ignores. 2004-06-19 15:32 ben Changed: Makefile.org (1.154.2.81), "Exp", lines: +2 -7 Make make tags make tags. 2004-06-19 15:54 ben Changed: apps/Makefile (1.1.4.3), "Exp", lines: +3 -3 apps/prime.c (1.1.2.1), "Exp", lines: +115 -0 apps/progs.h (1.26.2.3), "Exp", lines: +2 -0 Add primality tester. 2004-06-21 11:07 levitte Changed: fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 Make sure we don't try to loop over an empty EXHEADER. In the Makefiles where this was fixed by commenting away code, change it to check for an empty EXHEADER instead, so we have less hassle in a future where EXHEADER changes. PR: 900 2004-06-21 20:05 levitte Changed: Makefile.org (1.154.2.82), "Exp", lines: +3 -1 Standard sh doesn't tolerate ! as part of the conditional command. PR: 900 2004-06-24 14:12 steve Changed: apps/prime.c (1.1.2.2), "Exp", lines: +3 -0 Include to get definition of strcmp. 2004-06-24 14:31 steve Changed: crypto/evp/evp_lib.c (1.6.8.5), "Exp", lines: +2 -2 Return an error if an attempt is made to encode or decode cipher ASN1 parameters and the cipher doesn't support it. 2004-06-28 22:33 levitte Changed: fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 Make sure the FIPS stuff is only really compiled when in FIPS mode. 2004-07-04 18:36 steve Changed: crypto/asn1/p5_pbev2.c (1.20.2.2), "Exp", lines: +2 -1 Fix memory leak. 2004-07-12 19:59 ben Changed: fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 Corrected test program. 2004-07-17 14:48 appro Changed: fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 Eliminate enforced -g from CFLAGS. It switches off optimization with some compilers, e.g. DEC C. 2004-07-21 19:35 steve Changed: fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 Avoid compiler warnings. 2004-07-21 19:41 steve Changed: crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 When in FIPS mode write private keys in PKCS#8 and PBES2 format to avoid use of prohibited MD5 algorithm. 2004-07-23 15:20 ben Changed: fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 Convert to X9.31. 2004-07-24 15:40 appro Changed: ssl/ssl_cert.c (1.48.2.9), "Exp", lines: +5 -2 Add casts where casts due. It's "safe" to cast, because "wrong" casts will either be optimized away or never performed. The trouble is that compiler first parses code, then optimizes, not both at once... 2004-07-27 02:17 steve Changed: fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 Stop compiler warnings. 2004-07-27 02:20 steve Changed: crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 Add FIPS name to error library. 2004-07-27 14:22 steve Changed: Makefile.org (1.154.2.84), "Exp", lines: +3 -3 fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 Rename libcrypto.sha1 to libcrypto.a.sha1 2004-07-27 16:09 levitte Changed: makevms.com (1.35.2.5), "Exp", lines: +1 -1 Typo 2004-07-27 20:28 steve Changed: ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 New cipher "strength" FIPS which specifies that a cipher suite is FIPS compatible. New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL. Only allow FIPS ciphersuites in FIPS mode. 2004-07-28 04:24 levitte Changed: makevms.com (1.35.2.6), "Exp", lines: +2 -2 From the FIPS directory, darnit! 2004-07-28 15:47 levitte Changed: makevms.com (1.35.2.7), "Exp", lines: +5 -1 Define OPENSSL_FIPS in opensslconf.h if a logical name with the same name is defined. Go up one directory level before dealing with FIPS stuff. 2004-07-30 00:26 levitte Changed: fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 We're building crypto stuff, not ssl stuff. Additionally, we're in the fips subdirectory, not the crypto one... 2004-07-30 16:37 levitte Changed: fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 To protect FIPS-related global variables, add locking mechanisms around them. NOTE: because two new locks are added, this adds potential binary incompatibility with earlier versions in the 0.9.7 series. However, those locks will only ever be touched when FIPS_mode_set() is called and after, thanks to a variable that's only changed from 0 to 1 once (when FIPS_mode_set() is called). So basically, as long as FIPS mode hasn't been engaged explicitely by the calling application, the new locks are treated as if they didn't exist at all, thus not becoming a problem. Applications that are built or rebuilt to use FIPS functionality will need to be recompiled in any case, thus not being a problem either. 2004-08-02 16:15 levitte Changed: crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 Let's lock a write lock when changing values, shall we? Thanks to Dr Stephen Henson for making me aware of this error. 2004-08-05 20:11 steve Changed: fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 Stop compiler giving bogus shadow warning. 2004-08-09 14:13 levitte Changed: makevms.com (1.35.2.8), "Exp", lines: +1 -1 In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... 2004-08-09 14:14 levitte Changed: fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 Correct typos and include directory specifications. 2004-08-10 11:11 levitte Changed: fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 Update the VMS fips library builder with the DH library. 2004-08-10 12:04 levitte Changed: fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED to get struct timeval and gettimeofday(). 2004-08-11 22:34 levitte Changed: apps/makeapps.com (1.18.2.6), "Exp", lines: +2 -2 Another missing module in the VMS build files. I believe this is the last, though... 2004-09-06 16:19 levitte Changed: fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 Replace the bogus checks of n with proper uses of feof(), ferror() and clearerr(). 2004-09-06 16:21 levitte Changed: fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 num is an unsigned long, but since it was transfered from crypto/sha/sha_locl.h, where it is in fact an int, we need to check for less-than-zero as if it was an int... 2004-09-10 22:27 steve Changed: crypto/x509/x509_req.c (1.13.2.2), "Exp", lines: +1 -1 Stop warning. 2004-09-11 11:45 levitte Changed: test/testenc.com (1.6.8.2), "Exp", lines: +1 -1 Makefile.ssl changed name to Makefile... 2004-09-14 00:30 steve Changed: crypto/asn1/a_strex.c (1.8.2.6), "Exp", lines: +7 -2 ASN1_STRING_to_UTF8() assumed that the MBSTRING_* flags were of the form MBSTRING_FLAG|nbyte where "nbyte" is the number of bytes per character. Unfortunately this isn't so and we can't change the #defines because this would break binary compatibility, so for 0.9.7X only translate between the two. 2004-09-14 00:39 steve Changed: crypto/x509/x509_req.c (1.13.2.3), "Exp", lines: +1 -1 Oops, forgot to reorder extension request nids. 2004-10-08 12:03 ben Changed: fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 Update fingerprints. 2004-10-14 07:51 levitte Changed: VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 We need to check for OPENSSL_FIPS when building shared libraries, so we get correct transfer vectors for those functions when required. 2004-10-26 13:47 steve Changed: util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 Add fips/dh directory to mkfiles.pl 2004-10-26 14:17 levitte Changed: fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 fips/dh was missing in mkfiles.pl. make update 2004-10-26 15:01 steve Changed: util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 Only add fips/dh once... 2004-11-01 09:20 levitte Changed: fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if not already defined. 2004-11-11 02:18 steve Changed: crypto/engine/vendor_defns/sureware.h (1.2.2.1), "Exp", lines: +1 -1 The use of "exp" as a variable name in a prototype causes a conflict with FC2 headers. 2004-11-13 14:52 steve Changed: crypto/evp/e_old.c (1.1.2.2), "Exp", lines: +1 -1 PR: 959 Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c 2004-11-27 13:55 steve Changed: apps/prime.c (1.1.2.3), "Exp", lines: +28 -17 Fix leaks and give an error if no argument specified in prime.c 2004-11-27 14:02 steve Changed: apps/prime.c (1.1.2.4), "Exp", lines: +7 -8 Remove unnecessary check and call BIO_free_all() on bio_out to avoid a leak on VMS. 2004-12-09 19:00 appro Changed: apps/openssl.c (1.48.2.11), "Exp", lines: +1 -1 Eliminate dependency on UNICODE macro. 2004-12-09 19:03 appro Changed: crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 Postpone linking of shared libcrypto in FIPS build. 2004-12-09 19:13 appro Changed: fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 Cygwin specific FIPS fix-ups. 2004-12-09 23:43 appro Changed: Configure (1.314.2.100), "Exp", lines: +2 -3 crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 Eliminate false dependency on 386 config option is FIPS context. At the same time limit assembler support to ELF platforms [that's what is there, ELF modules]. 2004-12-10 12:37 appro Changed: Configure (1.314.2.101), "Exp", lines: +10 -3 crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 Respect no-asm with fips option and disable FIPS DES assembler in shared context [because it's not PIC]. 2004-12-10 14:15 appro Changed: fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 Solaris x86 assembler update. 2004-12-10 17:30 appro Changed: fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 Adapt FIPS sub-tree for mingw. 2004-12-20 14:18 appro Changed: util/mklink.pl (1.6.2.2), "Exp", lines: +1 -0 When re-linking files, really relink them. In other words, emulate ln -f. 2004-12-28 00:48 appro Changed: Configure (1.314.2.103), "Exp", lines: +1 -2 Makefile.org (1.154.2.92), "Exp", lines: +2 -2 Cosmetic mingw update. PR: 924 2005-01-03 18:46 steve Changed: fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 RSA KAT. 2005-01-09 18:58 appro Changed: crypto/evp/c_alld.c (1.4.2.1), "Exp", lines: +1 -1 crypto/evp/m_sha.c (1.8.2.1), "Exp", lines: +1 -1 crypto/sha/shatest.c (1.11.2.2), "Exp", lines: +2 -2 Allow for ./config no-sha0. PR: 993 2005-01-11 07:53 levitte Changed: apps/apps.c (1.49.2.31), "Exp", lines: +0 -16 Remove VMS_strcasecmp() from apps.c, it's not used any more. And besides, the implementation is bogus. 2005-01-11 17:54 levitte Changed: fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 Clear signed vs. unsigned conflicts. Change the fingerprint accordingly. 2005-01-11 19:25 levitte Changed: ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 Use EXIT() instead of exit(). 2005-01-26 21:00 steve Changed: apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 FIPS algorithm blocking. Non FIPS algorithms are not normally allowed in FIPS mode. Any attempt to use them via high level functions will return an error. The low level non-FIPS algorithm functions cannot return errors so they produce assertion failures. HMAC also has to give an assertion error because it (erroneously) can't return an error either. There are exceptions (such as MD5 in TLS and non cryptographic use of algorithms) and applications can override the blocking and use non FIPS algorithms anyway. For low level functions the override is perfomed by prefixing the algorithm initalization function with "private_" for example private_MD5_Init(). For high level functions an override is performed by setting a flag in the context. 2005-01-26 21:05 steve Changed: crypto/bf/Makefile (1.1.4.3), "Exp", lines: +5 -2 crypto/cast/Makefile (1.1.4.3), "Exp", lines: +4 -2 crypto/des/Makefile (1.1.4.6), "Exp", lines: +1 -1 crypto/evp/Makefile (1.1.4.5), "Exp", lines: +5 -5 crypto/idea/Makefile (1.1.4.3), "Exp", lines: +3 -0 crypto/md2/Makefile (1.1.4.3), "Exp", lines: +3 -1 crypto/mdc2/Makefile (1.1.4.3), "Exp", lines: +4 -2 crypto/rc2/Makefile (1.1.4.3), "Exp", lines: +5 -2 crypto/rc5/Makefile (1.1.4.3), "Exp", lines: +5 -1 crypto/sha/Makefile (1.1.4.7), "Exp", lines: +7 -1 fips/Makefile (1.1.4.7), "Exp", lines: +1 -7 fips/sha1/Makefile (1.1.4.8), "Exp", lines: +1 -3 util/libeay.num (1.173.2.24), "Exp", lines: +13 -0 make update 2005-01-27 02:49 steve Changed: apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 More FIPS algorithm blocking. Catch attempted use of non FIPS algorithms with HMAC. Give an assertion error for applications that ignore FIPS digest errors. Make -non-fips-allow work with dgst and HMAC. 2005-01-28 15:03 steve Changed: apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 test/testenc (1.3.8.2), "Exp", lines: +8 -8 Further FIPS algorithm blocking. Fixes to cipher blocking and enabling code. Add option -non-fips-allow to 'enc' and update testenc. 2005-01-31 02:33 steve Changed: ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 Only allow TLS is FIPS mode. Remove old FIPS_allow_md5() calls. 2005-01-31 02:40 steve Changed: crypto/asn1/a_verify.c (1.12.2.3), "Exp", lines: +7 -6 Avoid memory leak. 2005-01-31 02:46 steve Changed: test/testss (1.7.2.1), "Exp", lines: +1 -1 Use SHA1 for test certificates so FIPS SSL/TLS tests work. 2005-02-03 12:09 appro Changed: Configure (1.314.2.105), "Exp", lines: +2 -2 Makefile.org (1.154.2.94), "Exp", lines: +16 -6 TABLE (1.99.2.44), "Exp", lines: +2 -2 Final HP-UX specific touches to "cope with run-time linker on multi-ABI platforms." 2005-02-05 19:24 steve Changed: apps/req.c (1.88.2.18), "Exp", lines: +8 -1 apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 In FIPS mode use SHA1 as default digest in x509 and req utilities. 2005-03-12 10:28 appro Changed: Makefile.org (1.154.2.95), "Exp", lines: +9 -2 apps/Makefile (1.1.4.13), "Exp", lines: +0 -1 test/Makefile (1.1.4.9), "Exp", lines: +0 -1 Move copying of .dll to apps/ and test/ to more appropriate place. 2005-03-12 13:15 appro Changed: apps/Makefile (1.1.4.14), "Exp", lines: +4 -2 test/Makefile (1.1.4.10), "Exp", lines: +42 -194 Fold rules in test/Makefile and provide hooks for updated FIPS build procedures. 2005-03-15 10:46 appro Changed: Makefile.org (1.154.2.96), "Exp", lines: +1 -1 crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this in crypto/Makefile and make Makefile.org and fips/Makefile more discreet. 2005-03-22 18:29 steve Changed: fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 Fix memory leak. 2005-03-26 20:32 appro Changed: crypto/perlasm/x86nasm.pl (1.2.8.8), "Exp", lines: +6 -1 Resolve "operation size not specified" in NASM modules. 2005-03-27 05:36 steve Changed: crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS mode. 2005-04-03 21:16 appro Changed: Configure (1.314.2.109), "Exp", lines: +10 -0 TABLE (1.99.2.48), "Exp", lines: +50 -0 config (1.95.2.33), "Exp", lines: +9 -2 crypto/bn/Makefile (1.1.4.4), "Exp", lines: +1 -0 crypto/rc4/Makefile (1.1.4.6), "Exp", lines: +1 -1 Extend Solaris x86 support to amd64. Note that if both gcc and Sun C are installed, it defaults to gcc, because it beats Sun C on every benchmark. Also note that gcc shared build was verified to work woth Sun C... 2005-04-14 00:47 appro Changed: Makefile.org (1.154.2.98), "Exp", lines: +1 -1 Move cygcrypto.dll above cygwin.dll. 2005-04-14 14:44 steve Changed: fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0 util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0 Perl script that checks or rebuilds FIPS hash files. This works on both Unix and Windows. Merge all FIPS hash files into a single hash file fips/fips.sha1 2005-04-15 05:27 steve Changed: fips/Makefile (1.1.4.9), "Exp", lines: +1 -1 fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4 fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4 fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4 fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4 fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4 fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4 fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7 Update hash checking in makefiles to use new perl script. 2005-04-15 10:00 nils Changed: doc/HOWTO/keys.txt (1.1.2.2), "Exp", lines: +3 -3 doc/crypto/EVP_EncryptInit.pod (1.10.2.5), "Exp", lines: +3 -3 EVP_CIPHER_CTX_init is a void function + fix typo PR: 1044 + 1045 2005-04-17 03:15 levitte Changed: ssl/ssltest.c (1.53.2.28), "Exp", lines: +4 -1 Apparently, isascii() is an X/Open function, so to get it properly declared, we need to define _XOPEN_SOURCE before including ctype.h. Ported from HEAD. 2005-04-17 06:35 steve Changed: util/pl/VC-32.pl (1.11.2.6), "Exp", lines: +1 -1 Include user32.lib to import MessageBoxIndirect 2005-04-17 06:37 steve Changed: util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127 Modify checkhash.pl so it can be run standalone or included as a funtion in another perl script. 2005-04-17 16:00 appro Changed: fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5 Bring back fips_standalone_sha1. 2005-04-17 16:17 appro Deleted: fips/sha1/asm/sx86-elf.s (1.1.4.4) Changed: Configure (1.314.2.114), "Exp", lines: +1 -1 fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1 fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1 fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1 fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0 Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s. 2005-04-17 16:21 steve Changed: util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0 Return 0 for successful hash check. 2005-04-17 16:35 appro Changed: Configure (1.314.2.115), "Exp", lines: +1 -1 fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1 fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98 Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag. 2005-04-17 16:54 appro Changed: Configure (1.314.2.116), "Exp", lines: +8 -1 Makefile.org (1.154.2.99), "Exp", lines: +3 -2 crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0 fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0 fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2 fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0 Throw in fips/aes/asm/fips-ax86-elf.s. 2005-04-17 17:26 appro Changed: crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55 crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3 fips/fips.c (1.1.2.11), "Exp", lines: +62 -8 fips/fips.h (1.1.2.7), "Exp", lines: +2 -3 fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3 fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4 fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1 fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2 Resolve minor binary compatibility issues in fips. 2005-04-17 18:22 appro Changed: fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12 fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1 fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2 fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1 fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1 fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3 fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2 fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1 fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1 fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1 fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11 fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1 fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1 fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2 Minor fips const-ification. 2005-04-18 07:02 steve Changed: crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0 crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0 crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0 crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0 crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0 crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0 Pick up definition of FIPS_mode() in fips.h to avoid warnings. 2005-04-18 10:34 steve Deleted: fips/fingerprint.sha1 (1.1.2.14) fips/fips_check_sha1 (1.1.2.8) fips/fips_make_sha1 (1.1.2.7) fips/aes/fingerprint.sha1 (1.1.2.7) fips/des/fingerprint.sha1 (1.1.2.6) fips/dh/fingerprint.sha1 (1.1.2.4) fips/dsa/fingerprint.sha1 (1.1.2.7) fips/rand/fingerprint.sha1 (1.1.2.10) fips/rsa/fingerprint.sha1 (1.1.4.7) fips/sha1/fingerprint.sha1 (1.1.2.12) Changed: fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4 Remove obsolete fingerprint.sha1 files and associated scripts. Delete test in fips/sha1/Makefile: the top level test checks the same files. 2005-04-19 09:11 appro Deleted: fips/fipshashes.sha1 (1.1.2.7) fips/sha1/standalone.sha1 (1.1.2.15) Changed: fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0 util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4 Maintain fingerprint hashes as C source. 2005-04-19 09:17 appro Changed: util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1 Complete the transition C-code hashes. 2005-04-19 16:21 appro Changed: Configure (1.314.2.117), "Exp", lines: +24 -21 Makefile.org (1.154.2.100), "Exp", lines: +1 -11 TABLE (1.99.2.52), "Exp", lines: +20 -20 apps/Makefile (1.1.4.15), "Exp", lines: +1 -1 test/Makefile (1.1.4.12), "Exp", lines: +1 -1 Enable shared link on HP-UX. 2005-04-19 18:00 steve Changed: util/mkdef.pl (1.67.2.9), "Exp", lines: +2 -2 Fix from HEAD. 2005-04-20 10:27 steve Changed: Configure (1.314.2.118), "Exp", lines: +1 -1 util/mk1mf.pl (1.41.2.12), "Exp", lines: +2 -0 Ignore zlib related options in mk1mf.pl 2005-04-20 18:42 steve Changed: Configure (1.314.2.119), "Exp", lines: +2 -2 Don't use kerberos library locations on windows. 2005-04-21 19:06 steve Changed: apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2 fips/fips.c (1.1.2.12), "Exp", lines: +0 -27 fips/fips.h (1.1.2.8), "Exp", lines: +0 -2 fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2 Remove defunct FIPS_allow_md5() and related functions. 2005-04-22 06:15 appro Changed: fips/fips.c (1.1.2.13), "Exp", lines: +3 -3 fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3 fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2 Move some variables to .bss. 2005-04-22 07:17 steve Changed: CHANGES (1.977.2.156), "Exp", lines: +5 -0 crypto/bn/bn.h (1.66.2.4), "Exp", lines: +2 -0 crypto/bn/bn_mont.c (1.30.2.3), "Exp", lines: +20 -0 crypto/dh/dh_key.c (1.16.2.4), "Exp", lines: +14 -10 crypto/dsa/dsa_ossl.c (1.12.2.7), "Exp", lines: +12 -9 crypto/rsa/rsa_eay.c (1.28.2.10), "Exp", lines: +16 -90 fips/fipshashes.c (1.1.2.5), "Exp", lines: +3 -3 fips/dh/fips_dh_key.c (1.1.2.4), "Exp", lines: +13 -10 fips/dsa/fips_dsa_ossl.c (1.1.2.8), "Exp", lines: +12 -9 fips/rsa/fips_rsa_eay.c (1.1.4.5), "Exp", lines: +17 -90 New function BN_MONT_CTX_set_locked, to set montgomery parameters in a threadsafe manner. Modify or add calls to use it in rsa, dsa and dh algorithms. 2005-04-23 06:46 nils Changed: crypto/dsa/dsa_ossl.c (1.12.2.8), "Exp", lines: +1 -1 crypto/rsa/rsa_eay.c (1.28.2.11), "Exp", lines: +4 -4 fix typo